堆栈内存溢出
  简体   繁体   English

SHA256是否具有良好的跨平台支持?

[英]Does SHA256 have good cross platform support?

 原文  2013-11-18 21:21:30       java/ android/ ios/ encryption/ sha256

问题描述

I'm currently designing a new REST API which I'm considering requiring message signing. 我目前正在设计一个新的REST API,正在考虑要求消息签名。 At a high level the model is like this: 在较高的层次上,模型是这样的:

  1. The API consumer is given an API Key and Secret 给API使用者一个API密钥和秘密
  2. The API consumer uses the Secret to create a message digest HMAC of the message it sends into the API. API使用者使用Secret来创建发送到API的消息的消息摘要HMAC。

I've been considering using SHA256 for the signing, but want to be sure it will work with: 我一直在考虑使用SHA256进行签名,但想确保它可以与以下项一起使用:

  1. Android/Java 安卓/ Java的
  2. iOS iOS版
  3. all other major platform, etc. 所有其他主要平台等

I realize SHA-1 has good support, but I really need to use something stronger, if possible. 我意识到SHA-1有很好的支持,但是如果可能的话,我确实需要使用更强大的工具。

2 个解决方案

解决方案1
 3  2013-11-18 21:46:00

SHA256 is supported by CommonCrypto in iOS. iOS中的CommonCrypto支持SHA256。 Java supports it via MessageDigest.getInstance("SHA-256") , Android as well (Java). Java也通过MessageDigest.getInstance("SHA-256")和Android(Java)支持它。 And lets not forget Windows Phone where it's supported as well. 并且不要忘记Windows Phone也受支持。 That's pretty major in my opinion. 在我看来,这非常重要。

As you already pointed out you shouldn't use SHA1 as it's not secure enough anymore . 正如您已经指出的那样,您不应该使用SHA1,因为它已经不够安全了

解决方案2
 -1  2014-11-04 20:29:51

SHA-256withRSA is NOT supported in older android versions (verified the same in Android 4.0.3, 4.1.1). 较早的android版本不支持SHA-256withRSA(在Android 4.0.3、4.1.1中已验证相同)。 I have experienced this problem while using JSCEP. 我在使用JSCEP时遇到了这个问题。 The digest algorithm returned by SCEP server is SHA-256. SCEP服务器返回的摘要算法为SHA-256。 But SHA-256withRSA is not present in any default SecurityProviders in those android versions. 但是在那些android版本中,任何默认的SecurityProviders中都不存在SHA-256withRSA。 Found a relevant link: Which versions of Android support which package signing algorithms? 找到一个相关的链接: 哪些版本的Android支持哪种程序包签名算法?

This link shows that SHA-256withRSA was added later: https://android-review.googlesource.com/44360 此链接显示SHA-256withRSA稍后添加: https ://android-review.googlesource.com/44360

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java sha256与Swift sha256不匹配 - Java sha256 does not match Swift sha256 Java mac sha256散列与使用pack的php hmac sha256不匹配? - Java mac sha256 hashing does not match with php hmac sha256 using pack? 在JDK 1.7.0 U221中启用对SHA256的支持 - Enabling support for SHA256 in JDK 1.7.0 U221 SHA256 HMAC没有给出预期的答案 - SHA256 HMAC does not give the expected answer SHA256的AES加密 - AES encryption with SHA256 PHP和Java中的SHA256 - SHA256 in PHP & Java Bazel sha256 校验和 - Bazel sha256 checksum SHA256withRSA和SHA256然后RSA之间的区别 - Difference between SHA256withRSA and SHA256 then RSA 在Java和SHA256中签名字符串 - sign a string in java and SHA256 贝宝证书升级到sha256 - Paypal certificate upgrade to sha256
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM